jakiro
Yona is a layer 2 (rollup) powered by SVM on Bitcoin.
While inheriting the security of Bitcoin’s crypto economics, Yona realizes rich programmability and unprecedented execution expansion of Bitcoin and its assets.
To achieve this, Yona implements a trustless two-way peg between BTC on Bitcoin and BTC on Yona and can unilaterally exit.We call this Yona native hook a canonical hook.
The main design feature of Yona is that it aims to move from traditional joint TSS-MPC bridges to a specification of two-way hooks—a mechanism that relies entirely on cryptographic proofs and Bitcoin consensus.In other words, the two-way normative hook does not depend on any external consensus.
Features of L2 specification hooks
Rollup must provide the ability to enter (deposit) and exit (withdrawal).
Unilateral deposits and withdrawals are crucial to ensure the availability and censorship resistance of Bitcoin and dollar assets.
While the implementation of deposits is simple (proven by SPV), the correct unilateral exit requires a direct demonstration of its validity on Bitcoin.
We propose a more practical approach that will gradually build on Ethereum’s existing crypto economic infrastructure, aiming to gradually integrate as much Bitcoin security as possible to be the most supported by the most core BitcoinThose who accept it.
Bitcoin (BTC) specification hooks
Our BTC native hooks are powered by the crypto-economic security combined with EigenLayer and BitVM.
BitVM allows verification of off-chain execution of Bitcoin, and anyone can make fraud proofs and punish proofs.BitVM is the encryption security source for Yona specification hooks.
Eigenlayer provides access to Ethereum staking capital base and decentralized validator set.Eigenlayer is the source of economic security for Yona specification linkages.
Yona Peg operators are entities that assist in the normal mode operation of the hook (i.e. deposit/extraction of BTC).Any Peg operator needs to perform two roles:
BitVM recharge/withdrawal contract counterparty (for normal mode operation)
AVS Operator (for one-sided exit)
It should be emphasized that Yona Peg Operator will never be able to access deposited Bitcoin that is not protected by BitVM contracts and is orders of magnitude lower than AVS staking assets.
There are multiple link operators, at least one of which must be honest, but even in cases where all operators are not honest, they cannot steal any deposits and at worst they will only burn them.
When users deposit BTC into the sidechain, they establish a withdrawal BitVM contract with Peg Operator.After the contract is established, the user directly sends UTXO to the BitVM address.Please note that at any time, this UTXO does not belong to the proofreader.
When users (possibly different users) provide proof of valid withdrawal from Yona, they use the withdrawal contract again (a new contract with the operator if they do not deposit BTC to Yona).
If a denial of service or review occurs, the Peg operator will be unable or unwilling to create a BitVM contract.This is where EigenLayer’s economic security comes into play.On the one hand, operators cannot steal deposited bitcoins, so there is no benefit to refuse to provide withdrawal services.But this is obviously not enough.Therefore, we use the EigneLayer cuts to introduce the major drawbacks of rejecting withdrawals.
If for some reason the peg operator refuses to create a withdrawal contract, the user can submit a Bitcoin transaction with the request and prove to our EigenLayer contract that the withdrawal contract was not created.This will cut operator benefits.
Likewise, in the case of unilateral withdrawal, the withdrawer may provide proof of a valid withdrawal from Yona.Peg operators have up to N blocks to provide proof of their completed withdrawal request.If no proof is provided, the operator will be cut on the EigenLayer and the user can withdraw money directly from the BitVM contract.
Meta-Agreement Specification for Double Hooks, One-sided Exit without Trust
Another major innovation is that Yona can implement a completely trustless, pure encryption-free normatively pegged Bitcoin currency protocol and does not rely on economic security.
Metaprotocols (such as BRC-20) use bitcoin to record data and use an off-chain indexer to independently verify metaprotocol transactions.This allows for the construction of an efficient and trustless Rollup as a fast programmable layer of the metaprotocol.
The main difference between Rollup and sidechains is that Rollup allows unilateral exits without trust: users can extract their BRC-20 from Rollup by executing Bitcoin transactions without the need for third parties to participate (such as Rollup operations, validators, or bridges)).
Next we will focus on the BRC-20 use cases.
The hooking mechanism is as follows:
To enter rollup, users need to “destroy” BRC-20 on Bitcoin L1, prove the destruction to rollup’s smart contract (via Bitcoin ZK light client), and can mint the same inscription on L2.Destruction can be achieved on L1 by sending a “TRANSFER” transaction to an “OP_RETURN” script that does not contain any data.
To exit the summary, users need to “burn” the BRC-20 on L2 and “mint” them on Bitcoin L1 with ZK proof of valid withdrawal.
Proof of valid exit from ZK includes:
Commitment to input to L2 withdrawal transactions and Merkle root of rollup status tree
Rollup’s zkVM has performed the calculation correctly and the resulting BRC20 balance is greater than or equal to the withdrawal amount
No violation of the total supply invariant (i.e., the total supply of BRC20 = BTC supply + L2 supply + amount to be withdrawn)
The Bitcoin network itself cannot verify zero-knowledge proofs because the bitcoin script does not have the necessary opcodes.However, since the indexer can perform verification, this is not necessary.BRC-20 has relied on an off-chain indexer to rebuild the BRC-20 balance, and the only thing you need to do is support for proof of exit verification of withdrawal transactions on the indexer.
If L2 is not available, there is no proof of heartbeat on the DA layer for a certain time (e.g. 5 days) allowing the user to unilateral withdrawal by sending a Bitcoin transaction, i.e. the off-chain BRC20 indexer can process the withdrawal without the L2 withdrawal transaction.
If L2 starts reviewing withdrawals, users can initiate withdrawals by sending Bitcoin transactions with withdrawal requests.The L2-linked operator has 24 hours to perform withdrawals and submit proofs.If this does not happen, the user can submit the following proof:
Request unilateral withdrawal through Bitcoin transaction
L2 unilateral withdrawal was not handled in time
There is a valid outstanding balance of BRC20 to be withdrawn
By verifying this proof, the off-chain BRC20 indexer returns ownership without checking the L2 withdrawal transaction.
So Yona is the first L2 to offer a completely trustless bitcoin dollar asset pegged.
